snapd

/etc/apparmor.d/snap.core.<revision>.usr.lib.snapd.snap-confine files not removed with 'snap remove core --revision=<revision>'

Bug #1739485 reported by Jamie Strandboge
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
snapd
Invalid
Medium
Unassigned

Bug Description

I noticed that /var/lib/snapd/apparmor/profiles/snap-confine.d exists due to an older version of the core snap, so I did the following:

$ sudo snap remove core --revision=3646
$ sudo snap remove core --revision=3700

which left r3748 installed. While I wasn't terribly surprised that this didn't remove the now unneeded /var/lib/snapd/apparmor/profiles/snap-confine.d directory, I was surprised to see that these two files still existed:

/etc/apparmor.d/snap.core.3646.usr.lib.snapd.snap-confine
/etc/apparmor.d/snap.core.3700.usr.lib.snapd.snap-confine

See original description
Jamie Strandboge (jdstrand)
description: updated
description: updated
Revision history for this message
Michael Vogt (mvo) wrote :

Do they still exist after a `systemctl restart snapd` ? Iirc we cleanup those files on daemon startup only.

Changed in snapd:
importance: Undecided → Medium
status: New → Incomplete
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

@mvo, on another system that received r3748, I did:

$ snap info core
...
tracking: candidate
installed: 16-2.30 (3748) 87MB core
...

$ ls /etc/apparmor.d/
...
snap.core.3604.usr.lib.snapd.snap-confine
snap.core.3700.usr.lib.snapd.snap-confine
snap.core.3748.usr.lib.snapd.snap-confine
...

$ sudo snap remove core --revision=3700
core removed
$ sudo snap remove core --revision=3604
core removed

$ sudo systemctl restart snapd

$ ls /etc/apparmor.d/
...
snap.core.3748.usr.lib.snapd.snap-confine
...

So, a daemon restart is sufficient to remove the profiles. Marking Invalid.

Changed in snapd:
status: Incomplete → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.